September 11, 2020 By BlueAlly
By Jonathan Nguyen-Duy
Customer Perspectives
The COVID-19 pandemic forced many businesses to rapidly enable most, if not all, of their employees to work from home. But while the lights are off in corporate conference rooms and cubicles, on-premises data, applications, and servers are still serving critical business functions for organizations. Not only that, but all those remote workers still require secure access to the network resources. Despite these challenges, Fortinet was able to rapidly expand remote access without compromising security or productivity.
Existing Secure Teleworker Solutions Ensure Optimal Work-From-Home Experience
Fortinet has offices around the globe. In the company’s Europe, Middle East, and Africa (EMEA) division, the usual pool of 600 remote workers suddenly grew to 1,600 as a result of work-from-home mandates. Typically, such a massive shift to remote work would require a months-long planning process and significant investments in new technology—a luxury the Fortinet IT team did not have. Because of this, IT teams that could leverage existing security solutions were best positioned to smoothly transition their workforce to telework without sacrificing performance or protection. Fortunately, the Fortinet IT team was able to do just that, scaling their existing Fortinet security architecture to meet the requirements of this new normal at no additional cost.
“Employees need access to file servers, application servers, and other back-office resources, as well as to our laboratory devices for use in testing and in proofs of concept,” explains IT Manager Cyrille Carrasco. “These resources are not available via the internet, and for many employees, this was their first experience of working remotely.” Furthermore, staff across Europe needed remote access to their Fortinet phones. “This is important for all employees, but particularly for workers in our call center,” Carrasco says. “They answer between 40,000 and 50,000 calls each month.”
The built-in capabilities of FortiGate firewalls, FortiClient, and other security technologies enabled the IT team to scale rapidly and provide all call center employees with remote access to the phone system and other necessary applications without straining resources. With minor configurations, including optimizing the FortiVoice phone systems to give remote employees extended telephony capabilities by using a softclient on their computers, the existing solutions ensured secure telework for employees without requiring additional hardware or CAPEX. As a result of these efforts, they expanded their virtual private network (VPN) capacity to serve three times as many concurrent users as they served previously, in a way that IT staff can secure from their own home offices.
Preparing for Widescale Remote Access to the Corporate Network
Fortinet EMEA was using FortiGate next-generation firewalls (NGFWs) to give remote users VPN access to the corporate network, using secure socket layer (SSL) VPNs. With these existing FortiGates—which include IPS, antivirus protection, and application control features—Fortinet had all the technology in place needed to enable widespread work-from-home.
They also ensured employees could access VPN through any point of presence with redundant options for SSL VPN connectivity throughout the region. So if one VPN gateway were to become unreachable, the user’s FortiClient would give them options of other available gateways that they could connect instantly to avoid disruption.
Secure Connectivity: Any Time, Any Place
For end-users who already had company-issued laptops, the technology transition has been easy and transparent. The FortiClient solution provides options for SSL VPN connections to FortiGate firewalls, and the central IT team can seamlessly push out any necessary configuration changes from their own home offices.
The SSL VPN connection enables all traffic to be encrypted. Then, the FortiGate firewalls scan all traffic that comes in through the VPN. The FortiAuthenticator user identity management server utilizes the corporate Active Directory (AD) to confirm user credentials and permissions to access specific network resources, while the FortiToken solution verifies user identity. “The clients, the FortiGates, the servers, the switches—all the equipment that needs authentication is controlled by two-factor authentication within FortiAuthenticator,” Carrasco explains.
Further, in order to optimize communication efficiency, the IT group installed a voice softclient for every Fortinet EMEA employee. “Our staff needed all the same capabilities they have in the office, so we set up a softclient that connects employees’ computers to the FortiVoice PBX [private branch exchange],” Carrasco says. “As a result, all our employees are able to stay connected to one another without losing their productivity.”
And because all these solutions integrate into the Fortinet Security Fabric, the IT staff can manage the security architecture through a single pane of glass, even while working from home. With these existing solutions, Fortinet’s security team was well-positioned to facilitate new work-from-home policies without sacrificing the protection or performance of their users, applications, and data.
Discover how Fortinet Teleworker Solutions enable secure remote access at scale to support employees with a wide array of access requirements.